The guys from Applidium claim to have cracked Siri’s security protocol and it could open the floodgates to third party developers and of course other hardware too. There is a downside, in order to use Siri on one of these other devices; you still need to have a UDID of an iPhone 4S device. A UDID is a Unique Device Identifier and is a 40 character unique number assigned to every iPhone.

The iPhone 4S sends identifiers everywhere. So if you want to use Siri on another device, you still need the identfier of at least one iPhone 4S. Of course we’re not publishing ours, but it’s very easy to retrieve one using the tools we’ve written. Of course Apple could blacklist an identifier, but as long as you’re keeping it for personal use, that should be allright!

Source: Applidium

Apple's video and audio streaming protocol, AirPlay, has had its private encryption key cracked which means in the future you might be able to get software, homebrew and open source alike, to do what requires proprietary or licensed devices like an Apple Airport Express or Apple TV to do today. James Laird is the one who reverse engineered the keys and has created an emulator called Shairport:

My girlfriend moved house, and her Airport Express no longer made it with her wireless access point. I figured it'd be easy to find an ApEx emulator - there are several open source apps out there to play to them. However, I was disappointed to find that Apple used a public-key crypto scheme, and there's a private key hiding inside the ApEx. So I took it apart (I still have scars from opening the glued case!), dumped the ROM, and reverse engineered the keys out of it. So, here is ShairPort, an open-source (Perl/C) replacement.

Finding a hardware box that's Wi-Fi enabled, has the appropriate audio or A/V output ports, and can be loaded with Shairport enabled software probably won't be easy, especially immediately, but the hacking community is nothing if not ingenious, so who knows what we'll see down the road? Any requests?

[mafipulations via MacRumors]

The cracking of GSM "encryption" has been making the inter-rounds lately, and this week on the Security Now! Podcast, Steve Gibson takes a look at how badly it's broken, and what the potential risks are. In simple terms, it means what you say on your iPhone -- or any GSM phone, which includes all phones on AT&T, T-Mobile, Rogers, and almost all phones internationally -- can be intercepted, decrypted, and listened to if a person has several thousand dollars worth of equipment and the motivation to do it. In more complex terms:

So again, we're now at the hobby level. We're at the level where the hobbyist with a couple thousand dollars can - needs to know nothing about radio and even hardware. And even all of the preprocessing steps for demultiplexing the data and analyzing it and performing spectrum analysis and finding the channels and everything, all of that's been done. There's even some people have taken - they're not at the GPL licensing, but they are - so they're proprietary licenses, but free, but they're open source and free for personal use, where turnkey packages to pull all this data together have been produced. There's even one which abstracts this USRP, this Universal Software Radio Peripheral, making it look like a network device so that Wireshark, our favorite packet capture utility, is able to capture GSM packets and decode them and show you all the bits and all the protocols and everything going on in a stream that you capture.

So, I mean, we're way far along in making this possible. In my opinion, this GSM Alliance is - they're saying what they have to say politically; but, if they really believe what they're saying, that they're in serious denial because this is no longer James Bond government-level sci-fi stuff. It would be entirely possible for a company who wanted to do some surveillance of a competitor to equip a van with some of this equipment, spending only tens of thousands of dollars, park it across the street from a competitor, aim their antennas at the competitor's building, and spend a day just streaming in, sucking in all of the cellphone traffic that is being transacted by the employees within the building, and then drive the van off and decrypt those conversations offline afterwards and find out what was being said. I mean, it is no longer difficult to do. It's entirely possible.

It should be noted that the GSMA (GSM Alliance) seems to consider this attack theoretical and impractical for now. If you're interested in more, check out the audio podcast [MP3 link] or the transcript.

So there have been some reports that the white iPhone 3G has been showing cracks in its plastic housing already. From the pictures shown, some look like it could be scratches while others look almost, definitively cracked. I knew that the plastic would not be as durable as the original iPhone's but cracks in the casing? That's a lot worse than I ever imagined.

Is this a case of internet propaganda or could this really be happening? Anyone with white iPhone 3Gs like to tell their side of the story?

ReadVia